Siemens
Siemens Monthly Patches are out with 36 bulletins, 17 new and 19 updated. Of the new bulletins, 10 address vulnerabilities that are remotely exploitable without authentication, with a highest CVSSv4 score of 10.
More info.
Industrial Edge Management contains an Authorization Bypass vulnerability that could allow a remote attacker to impersonate other devices onboarded to the system. CVSSv4 score of 10.
More info.
Schneider Electric Monthly Patches include 5 bulletins, 2 new and 3 updated. Among the new bulletins, the highest CVSSv3 score is 7.8.
More info.
SAP has published its Monthly Patches, with 19 Security Notes, 16 new and 3 updated. Among the new Notes, the highest CVSSv3 score is 6.5.
More info.
Echo Curve Viewer contains a vulnerability that allows a remote attacker to run malicious C# code included in curve files and execute commands in the user's context. CVSSv3 score of 9.8.
More info.
Multiple mGuard devices are vulnerable to a drain of open file descriptors. CVSSv3 score of 5.3.
More info. And here.
Multiple mGuard devices are vulnerable to a remote code injection due to SSH. CVSSv3 score of 8.1.
More info. And here.
HPE has identified DoS vulnerabilities in HP-UX System's NFSv4 and RPC. Highest CVSSv3 score of 9.3.
More info. And here.
BD has published updates to fix third-party software in Kiestra TLA/WCA, Kiestra TLA Track, Kiestra ReadA, and Kiestra InoqulA.
More info.
LCOS contains a vulnerability that could allow a remote attacker to trigger a heap overflow in the web interface, resulting in a DoS.
More info. And here.
go-git vulnerabilities have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. Highest CVSSv3 score of 9.8.
More info.
Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation. Highest CVSSv3 score of 9.8.
More info.
Amazon Linux 2 and Amazon Linux 2023 have updated the kernel and microcode.
More info. And here.